diff --git a/Jenkinsfile b/Jenkinsfile index 824cb2b..61c0196 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -36,7 +36,7 @@ pipeline { CI_PORT='2375' CI_SSL='false' CI_DELAY='120' - CI_DOCKERENV='TZ=Europe/London' + CI_DOCKERENV='' CI_AUTH='' CI_WEBPATH='' } diff --git a/README.md b/README.md index daaa829..4a6901e 100644 --- a/README.md +++ b/README.md @@ -158,9 +158,9 @@ Containers are configured using parameters passed at runtime (such as those abov | Parameter | Function | | :----: | --- | -| `-e ALLOW_START=0` | `/containers/{id}/start` | -| `-e ALLOW_STOP=0` | `/containers/{id}/stop` | -| `-e ALLOW_RESTARTS=0` | `/containers/{id}/stop`, `/containers/{id}/restart`, and `/containers/{id}/kill` | +| `-e ALLOW_START=0` | `/containers/{id}/start` - **This option will work even if `POST=0`** | +| `-e ALLOW_STOP=0` | `/containers/{id}/stop` - **This option will work even if `POST=0`** | +| `-e ALLOW_RESTARTS=0` | `/containers/{id}/stop`, `/containers/{id}/restart`, and `/containers/{id}/kill` - **This option will work even if `POST=0`** | | `-e AUTH=0` | `/auth` | | `-e BUILD=0` | `/build` | | `-e COMMIT=0` | `/commit` | @@ -308,6 +308,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **26.08.24:** - Change `ALLOW_START`, `ALLOW_STOP`, and `ALLOW_RESTARTS` to work even with `POST=0`. * **24.05.24:** - Rebase to Alpine 3.20. * **15.04.24:** - Allow disabling IPv6 support for legacy devices. * **08.04.24:** - Use nginx due to haproxy's wonky websockets handling. diff --git a/jenkins-vars.yml b/jenkins-vars.yml index eb7a178..c36055a 100644 --- a/jenkins-vars.yml +++ b/jenkins-vars.yml @@ -6,7 +6,6 @@ external_type: alpine_repo release_type: stable release_tag: latest ls_branch: main -build_armhf: false repo_vars: - BUILD_VERSION_ARG = 'NGINX_VERSION' - LS_USER = 'linuxserver' @@ -25,6 +24,6 @@ repo_vars: - CI_PORT='2375' - CI_SSL='false' - CI_DELAY='120' - - CI_DOCKERENV='TZ=Europe/London' + - CI_DOCKERENV='' - CI_AUTH='' - CI_WEBPATH='' diff --git a/readme-vars.yml b/readme-vars.yml index 4eb3c61..ca5c769 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -162,9 +162,9 @@ full_custom_readme: | | Parameter | Function | | :----: | --- | - | `-e ALLOW_START=0` | `/containers/{id}/start` | - | `-e ALLOW_STOP=0` | `/containers/{id}/stop` | - | `-e ALLOW_RESTARTS=0` | `/containers/{id}/stop`, `/containers/{id}/restart`, and `/containers/{id}/kill` | + | `-e ALLOW_START=0` | `/containers/{id}/start` - **This option will work even if `POST=0`** | + | `-e ALLOW_STOP=0` | `/containers/{id}/stop` - **This option will work even if `POST=0`** | + | `-e ALLOW_RESTARTS=0` | `/containers/{id}/stop`, `/containers/{id}/restart`, and `/containers/{id}/kill` - **This option will work even if `POST=0`** | | `-e AUTH=0` | `/auth` | | `-e BUILD=0` | `/build` | | `-e COMMIT=0` | `/commit` | @@ -312,6 +312,7 @@ full_custom_readme: | ## Versions + * **26.08.24:** - Change `ALLOW_START`, `ALLOW_STOP`, and `ALLOW_RESTARTS` to work even with `POST=0`. * **24.05.24:** - Rebase to Alpine 3.20. * **15.04.24:** - Allow disabling IPv6 support for legacy devices. * **08.04.24:** - Use nginx due to haproxy's wonky websockets handling. diff --git a/root/templates/default_nopost.template b/root/templates/default_nopost.template index 1d57e7c..eda3582 100644 --- a/root/templates/default_nopost.template +++ b/root/templates/default_nopost.template @@ -33,9 +33,9 @@ server { include /etc/nginx/proxy.conf; - location ~* ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((stop)|(restart)|(kill)) {limit_except GET HEAD {deny all;}if ($path_restarts = 0){return 403;}proxy_pass http://unix:$dockersocket;} - location ~* ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/start {limit_except GET HEAD {deny all;}if ($path_start = 0){return 403;}proxy_pass http://unix:$dockersocket;} - location ~* ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/stop {limit_except GET HEAD {deny all;}if ($path_stop = 0){return 403;}proxy_pass http://unix:$dockersocket;} + location ~* ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((stop)|(restart)|(kill)) {if ($path_restarts = 0){return 403;}proxy_pass http://unix:$dockersocket;} + location ~* ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/start {if ($path_start = 0){return 403;}proxy_pass http://unix:$dockersocket;} + location ~* ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/stop {if ($path_stop = 0){return 403;}proxy_pass http://unix:$dockersocket;} location ~* ^(/v[\d\.]+)?/auth {limit_except GET HEAD {deny all;}if ($path_auth = 0){return 403;}proxy_pass http://unix:$dockersocket;} location ~* ^(/v[\d\.]+)?/build {limit_except GET HEAD {deny all;}if ($path_build = 0){return 403;}proxy_pass http://unix:$dockersocket;} location ~* ^(/v[\d\.]+)?/commit {limit_except GET HEAD {deny all;}if ($path_commit = 0){return 403;}proxy_pass http://unix:$dockersocket;} diff --git a/root/templates/default_nopost_ipv4.template b/root/templates/default_nopost_ipv4.template index 6ca35a5..51a114c 100644 --- a/root/templates/default_nopost_ipv4.template +++ b/root/templates/default_nopost_ipv4.template @@ -32,9 +32,9 @@ server { include /etc/nginx/proxy.conf; - location ~* ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((stop)|(restart)|(kill)) {limit_except GET HEAD {deny all;}if ($path_restarts = 0){return 403;}proxy_pass http://unix:$dockersocket;} - location ~* ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/start {limit_except GET HEAD {deny all;}if ($path_start = 0){return 403;}proxy_pass http://unix:$dockersocket;} - location ~* ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/stop {limit_except GET HEAD {deny all;}if ($path_stop = 0){return 403;}proxy_pass http://unix:$dockersocket;} + location ~* ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((stop)|(restart)|(kill)) {if ($path_restarts = 0){return 403;}proxy_pass http://unix:$dockersocket;} + location ~* ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/start {if ($path_start = 0){return 403;}proxy_pass http://unix:$dockersocket;} + location ~* ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/stop {if ($path_stop = 0){return 403;}proxy_pass http://unix:$dockersocket;} location ~* ^(/v[\d\.]+)?/auth {limit_except GET HEAD {deny all;}if ($path_auth = 0){return 403;}proxy_pass http://unix:$dockersocket;} location ~* ^(/v[\d\.]+)?/build {limit_except GET HEAD {deny all;}if ($path_build = 0){return 403;}proxy_pass http://unix:$dockersocket;} location ~* ^(/v[\d\.]+)?/commit {limit_except GET HEAD {deny all;}if ($path_commit = 0){return 403;}proxy_pass http://unix:$dockersocket;}